Flow-based網路流量分類技術的可行性之研究

Hsiang-Hsin Tseng; 曾祥信

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/45212

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	逄愛君(Ai-Chun Pang)
dc.contributor.author	Hsiang-Hsin Tseng	en
dc.contributor.author	曾祥信	zh_TW
dc.date.accessioned	2021-06-15T04:09:06Z	-
dc.date.available	2010-02-04
dc.date.copyright	2010-02-04
dc.date.issued	2010
dc.date.submitted	2010-02-03
dc.identifier.citation	[1] Cisco Corporation. Cisco ios flexible netflow. http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/product data sheet0900aecd804b590b.html. [2] Inmon Corporation. Traffic monitoring using sflow. http://www.sflow.org/sFlowOverview.pdf. [3] Manuel Crotti, Maurizio Dusi, Francesco Gringoli, and Luca Salgarelli. Traffic classification through simple statistical fingerprinting. In ACM SIGCOMM Computer Communication Review, pages 5-16. ACM New York, NY, USA, 2007. [4] Mark Crovella and Balachander Crishnamurthy. Internet measurement: infrastructure, traffic, and application. John Wiley & Sons, 2006. [5] Christian Dewes, Arne Wichmann, and Anja Feldmann. An analysis of internet chat systems. In Internet Measurement Conferencee, pages 51-64. ACM New York, NY, USA, 2003. [6] Felix Hernandez-campos, F. Donelson Smith, Kevin JeRay, and Andrew B. Nobel. Statistical clustering of internet communication patterns. 2003. [7] Thomas Karagiannis, Andre Broido, and Michalis Faloutsos. Transport layer identification of p2p traffic. In Internet Measurement Conferencee, pages 121-134. ACM New York, NY, USA, 2004. [8] Thomas Karagiannis, Konstantina Papagiannaki, and Michalis Faloutsos. Blinc: multilevel traffic classification in the dark. In Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications, pages 229-240. ACM New York, NY, USA, 2005. [9] Anthony McGregor, Mark Hall, Perry Lorier, and James Brunskill. Flow clustering using machine learning techniques. In Passive and Active Network Measurement, pages 205-214. Springer Berlin / Heidelberg, 2004. [10] Andrew W. Moore and Konstantina Papagiannaki. Toward the accurate identification of network applications. In Passive and Active Measurement Conference (PAM). PAM, 2005. [11] Andrew W. Moore and Denis Zuev. Internet traffic classification using bayesian analysis techniques. In Joint International Conference on Measurement and Modeling of Computer Systems, pages 50-60. ACM New York, NY, USA, 2005. [12] Matthew Roughan, Subhabrata Sen, Oliver Spatscheck, and Nick Duffield. Class-of-service mapping for qos: a statistical signature-based approach to ip traffic classification. In Internet Measurement Conference, pages 135{148. ACM New York, NY, USA, 2004. [13] Luca Salgarelli, Francesco Gringoli, and Thomas Karagiannis. Comparing traffic classifiers. In ACM SIGCOMM Computer Communication Review, pages 65-68. ACM New York, NY, USA, 2007. [14] Subhabrata Sen, Oliver Spatscheck, and Dongmei Wang. Accurate, scalable in-network identification of p2p traffic using application signatures. In International World Wide Web Conference, pages 512-521. ACM New York, NY, USA, 2004.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/45212	-
dc.description.abstract	依照應用程式的種類來對 IP 流量進行分類，可說是所有先進網路管理平台必備的功能之一。然而，在過去十年間，由於許多應用程式開始使用各種巧妙的方法去避免輕易地被辨識出來，使得流量分類這項工作逐漸變成一個挑戰。在這種情況下，傳統的分類技術諸如 port-based 偵測機制很快地就失去效用。同時間，許多知名的研究團體陸續針對流量分類這個議題發表了一些有趣的論文，並提出各種不同性質的分類機制。其中不少分類方法在研究實驗裡展現出相當優異的表現。然而，我們認為現實的網路環境中存在一些因素，極可能會影響這些分類技術的表現。在這篇論文裡，我們實作出一個 flow-based 的 Internet 流量分類器，並利用真實的網路流量進行實驗，以測量此分類器的效能表現。雖然我們的分類方法是立基於前人的理論，不過我們的貢獻在於分析 flow-based 分類技術在真實網路環境下的可行性，根據我們的實驗、觀察及分析結果，可獲得對於此種分類技術更為深刻的洞察。我們的實驗結果展現出在真實世界中採用 flow-based 分類技術時的一些問題，其中有些問題可透過我們提出的機制予以解決，有些則需要更進一步的研究分析。此外，我們的研究也呈現出真實網路中常用的流量採樣（flow sampling）機制對於流量分類技術的影響。我們的結果顯示，flow-based 流量分類技術的有效性只侷限在一定範圍的採樣區間（sampling interval）之內。	zh_TW
dc.description.abstract	The classification of IP flows according to the applications that generated them is at the basis of any modern network management platform. It has become a challenge in the last decade since many applications use tricky ways to avoid being easily recognized. Classical techniques such as port-based detection are rapidly becoming ineffective. Many reputable research groups have published several interesting papers on traffic classification, proposing mechanisms of different nature. However, it is our opinion that some factors in real-world network environments would affect the effectiveness of these classification mechanisms. In this paper we implement a flow-based Internet traffic classifier and conduct an experiment to measure its performance dealing with real-world data traces. Even though the classification method is based on the work in the past, our contribution is to provide insights into flow-based traffic classification technique and to analyze the applicability of it. Our results expose several real-world issues while applying flow-based classification; some can be resolved by the mechanisms we propose, and some still need to be researched in further work. We also present the impact of flow sampling to the technique. Our results show that the effectiveness of flow-based traffic classification is limited in a certain range of sampling intervals.	en
dc.description.provenance	Made available in DSpace on 2021-06-15T04:09:06Z (GMT). No. of bitstreams: 1 ntu-99-P95922010-1.pdf: 1841858 bytes, checksum: f8c0e9c901c6e671f3f70b7b7274c00f (MD5) Previous issue date: 2010	en
dc.description.tableofcontents	Contents Acknowledgement . . . . . . . . . . . . . . . . . . . . . i Chinese Abstract . . . . . . . . . . . . . . . . . . . . . v Abstract . . . . .. . . . . . . . . . . . . . . . . . . . vi 1 Introduction 1 2 Related Work 4 3 Flow Based Traffic Classification 6 3.1 Flow Analysis . . . . . . . . . . . . . . . . . . . 6 3.1.1 IP Flows . . . . . . . . . . . . . . . . . . . 6 3.1.2 Traffic Analysis by Flow Collector . . . . . . 7 3.1.3 Sampled Flows . . . . . . . . . . . . . . . . 9 3.2 Experiment Architecture . . . . . . . . . . . . . . 10 3.2.1 Payload Classification . . . . . . . . . . . 11 3.2.2 Flow Sampling . . . . . . . . . . . . . . . . 11 3.2.3 BITC . . . . . . . . . . . . . . . . . . . . 11 3.3 Implementation of BITC . . . . . . . . . . . . . . 12 3.3.1 Graphlets . . . . . . . . . . . . . . . . . . 12 3.3.2 Data Structures . . . . . . . . . . . . . . . 13 3.3.3 Flow Mapping . . . . . . . . . . . . . . . . 15 3.4 Data Description . . . . . . . . . . . . . . . . . 19 3.5 Evaluation Metrics . . . . . . . . . . . . . . . . 20 3.6 Observations and Enhancements . . . . . . . . . . . 23 3.6.1 Port Scan Problem . . . . . . . . . . . . . . 24 3.6.2 Passive FTP Issue . . . . . . . . . . . . . . 24 3.6.3 Compound Server Issue . . . . . . . . . . . . 27 3.6.4 Capture Opposite Flows of Web . . . . . . . . 28 3.7 Results . . . . . . . . . . . . . . . . . . . . . . 28 3.7.1 Numerical Results: Refined Classifier . . . . 29 3.7.2 Impact of Flow Sampling . . . . . . . . . . . 30 4 Conclusions 34 Bibliography 36
dc.language.iso	en
dc.subject	流量採樣	zh_TW
dc.subject	流量分類	zh_TW
dc.subject	演算法	zh_TW
dc.subject	傳輸層	zh_TW
dc.subject	主機行為	zh_TW
dc.subject	NetFlow	en
dc.subject	host behavior	en
dc.subject	transport layer	en
dc.subject	algorithms	en
dc.subject	flow sampling	en
dc.subject	Traffic classification	en
dc.title	Flow-based網路流量分類技術的可行性之研究	zh_TW
dc.title	A Study of Applicability of Flow-based Internet Traffic Classification	en
dc.type	Thesis
dc.date.schoolyear	98-1
dc.description.degree	碩士
dc.contributor.oralexamcommittee	郭大維(Tei-Wei Kuo),周承復(Cheng-Fu Chou),魏宏宇(Hung-Yu Wei)
dc.subject.keyword	流量分類,主機行為,傳輸層,演算法,流量採樣,	zh_TW
dc.subject.keyword	Traffic classification,NetFlow,host behavior,transport layer,algorithms,flow sampling,	en
dc.relation.page	37
dc.rights.note	有償授權
dc.date.accepted	2010-02-03
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	資訊工程學研究所	zh_TW
顯示於系所單位：	資訊工程學系

文件中的檔案：

檔案	大小	格式
ntu-99-1.pdf 未授權公開取用	1.8 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。